CVE-2016-1762
Published 2016-03-24
CVE-2016-1762: The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
High 8.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 9.3 | 9.3 |
| apple | mac_os_x | < 10.11.4 | 10.11.4 |
| apple | os_x_el_capitan_v10.11.4_and_security_update_2016-002 | — | — |
| apple | safari | < 9.1 | 9.1 |
| apple | tvos | < 9.2 | 9.2 |
| apple | tvos | — | — |
| apple | watchos | < 2.2 | 2.2 |
| apple | watchos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.3+dfsg1-1.1 (bookworm) | libxml2 2.9.3+dfsg1-1.1 (bookworm) |
| mcafee | web_gateway | <= 7.5.2.10 | — |
| mcafee | web_gateway | <= 7.6.2.3 | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
CVSS provenance
nvd v3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
osv 8.1 HIGH
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2016-06-06·CVSS 7.5
CVE-2015-8806 [HIGH] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malfo
Red Hat
libxml2: Heap-based buffer-overread in xmlNextChar
vendor_redhat·2016-05-23·CVSS 8.1
CVE-2016-1762 [HIGH] CWE-122 libxml2: Heap-based buffer-overread in xmlNextChar
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Package: libxml2 (Red Hat Enterprise Linux 5) - Will not fix
Package: libxml2 (Red Hat JBoss Enterprise Web Server 3) - Affected
Debian
CVE-2016-1762: libxml2 - The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to caus...
vendor_debian·2016·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: libxml2 - The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to caus...
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Scope: local
bookworm: resolved (fixed in 2.9.3+dfsg1-1.1)
bullseye: resolved (fixed in 2.9.3+dfsg1-1.1)
forky: resolved (fixed in 2.9.3+dfsg1-1.1)
sid: resolved (fixed in 2.9.3+dfsg1-1.1)
trixie: resolved (fixed in 2.9.3+dfsg1-1.1)
Apple
CVE-2016-1762: iOS 9.3
vendor_apple·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1762
Component: CVE-2016-1762
Apple
CVE-2016-1762: tvOS 9.2
vendor_apple·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: tvOS 9.2
Apple Security Update: About the security content of tvOS 9.2
Product: tvOS
Version: 9.2
CVE: CVE-2016-1762
Component: CVE-2016-1762
Apple
CVE-2016-1762: watchOS 2.2
vendor_apple·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: watchOS 2.2
Apple Security Update: About the security content of watchOS 2.2
Product: watchOS
Version: 2.2
CVE: CVE-2016-1762
Component: CVE-2016-1762
Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed through improved memory handling.
Apple
CVE-2016-1762: OS X El Capitan v10.11.4 and Security Update 2016-002
vendor_apple·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: OS X El Capitan v10.11.4 and Security Update 2016-002
Apple Security Update: About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
Product: OS X El Capitan v10.11.4 and Security Update 2016-002
CVE: CVE-2016-1762
Component: CVE-2016-1762
GHSA
GHSA-r6h3-3q3x-3wcr: The xmlNextChar function in libxml2 before 2
ghsa_unreviewed·2022-05-14
CVE-2016-1762 [HIGH] CWE-119 GHSA-r6h3-3q3x-3wcr: The xmlNextChar function in libxml2 before 2
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
OSV
libxml2 vulnerabilities
osv·2016-06-06·CVSS 7.5
CVE-2015-8806 [HIGH] libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
OSV
CVE-2016-1762: The xmlNextChar function in libxml2 before 2
osv·2016-03-24·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762: The xmlNextChar function in libxml2 before 2
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
No detection rules found.
No public exploits indexed.
HackerOne
Multiple issues in Libxml2 (2.9.2 - 2.9.5)
hackerone·2019-10-14·CVSS 4.3
[MEDIUM] Multiple issues in Libxml2 (2.9.2 - 2.9.5)
Libxml2 is the XML C parser and toolkit developed for the Gnome project. Due to its flexible C implementation and continuous development, Libxml2 is known to be very portable, the library builds and works on a variety of systems (Linux, Unix, Windows, CygWin, MacOS, MacOS X, RISC Os, OS/2, VMS, QNX, MVS, VxWorks, ...). It is or has been adopted by many major vendors or products including Google (Chrome), VMWare, Apple (Safari, Mac OSX, iOS, ...), and many embedded systems. As in the [Google Patch Rewards](https://www.google.com.sg/about/appsecurity/patch-rewards), Libxml2 is listed in the category of core infrastructure data parsers.
From 2015-2016, our fuzzing work on Libxml2 has systematically identified a sequence of bugs including use-after
Bugzilla
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a
bugzilla·2016-06-24·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE
Bugzilla
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe
bugzilla·2016-06-24·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention t
Bugzilla
CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
bugzilla·2016-05-23·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
A vulnerability was found in the libxml2 library. A heap-based buffer overread could happen in xmlNextChar.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=759671
Upstream fix:
https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292
---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1349794]
---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1349795]
---
This issue has been addressed in the following products:
Via RHSA-2016:2957
arXiv
ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization
arxiv_fulltext·2024-09-23
Zheng Yu
Northwestern University
Ganxiang Yang
Northwestern University
Xinyu Xing
Northwestern University
### Abstract
In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management complexities have made heap corruption pervasive, posing severe threats to system security. While prior solutions aiming for temporal and spatial memory safety exhibit overheads deemed impractical, we present ShadowBound, a unique heap memory protection design. At its core, ShadowBound is an efficient out-of-bounds defe
References
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85059
http://www.securitytracker.com/id/1035353
http://www.ubuntu.com/usn/USN-2994-1
http://xmlsoft.org/news.html
https://access.redhat.com/errata/RHSA-2016:1292
https://bugzilla.gnome.org/show_bug.cgi?id=759671
https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
https://support.apple.com/HT206166
https://support.apple.com/HT206167
https://support.apple.com/HT206168
https://support.apple.com/HT206169
https://support.apple.com/HT206171
https://www.debian.org/security/2016/dsa-3593
Published: 2016-03-24